[Moin-user] plugin user auth

Roger Haase crosseyedpenguin at yahoo.com
Mon Dec 5 12:56:17 EST 2005 

--- Thomas Waldmann <tw-public at gmx.de> wrote:
> --- Michael Matthews <mjmatthews1 at rcn.com> wrote:
> > There is already a login mechanism that is used at my site.
> Essentially 
> > all users will be logged in using a cookie mechanism. cookie
> contains 
> > user information. I need to do the following:
> > 
> > 1) insert cookie retrieval in moin.cgi.
> > 2) plugin cookie info to moinmoin user info.
> > 3) remove login stuff from wiki.
> 
> I can check if I can add some sample code for this to the next beta 
> (expected the next days). The cookie stuff is quite easy to do, the 
> login/logout removal stuff can (at least partly) done by
> configuration now.
> 


I was waiting for this as well, and I found the sample code as promised
in beta 5 at 
   contrib/auth_externalcookie/wikiconfig.py
I was hoping to use the new method to eliminate/simplify the
modifications I put into Moin 1.3.x.

What I don't see or understand is a way to get a user authorized
(login) who is not yet authorized.  What I did in 1.3.x was to replace
the "login" link and "UserName" links in the wiki page headers with
links to my own login and logout urls.  

I did this by creating a default theme and using it as a means of
overriding the username method in the class ThemeBase in __init__.py in
the theme directory. Overriding the login link:
    #~ userlinks.append(prefpage.link_to(request, text=_("Login")))
    userlinks.append('<a  href="../someDomain/DomainLogon">Login</a>') 

And overriding the UserName with a "Logout":
    #~ userlinks.append(homelink)
    userlinks.append('<a 
href="../someDomain/DomainLogout">Logout</a>')

The DomainLogin presents a login page, then processes the login
ID/password against a mysql database, creates a MOIN_ID cookie, and
returns the user to the wiki page the user was on when he clicked
"login". 

Other things I had to do was create a user file for each user and then
modify the UserPreferences page to eliminate unwanted options.

I should note the reason for wanting to log in is it to edit pages, in
my wiki anyone can read a wiki page but users must be logged in to edit
pages.  User profiles must be created in advance because the mods above
eliminates a users ability to create a new ID.

I am not very expert on http basic auth or LDAP, etc.  But it seems the
1.5 enhancements expect login to occur before the user is allowed to
access the first wiki page.  Am I missing something in the 1.5
enhancements that allows the user to initiate customized login/logout
after accessing several wiki pages?

Roger Haase


		
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs

More information about the Moin-user mailing list